Alerts
HackersBlog
United
- Can a Yahoo password be cracked?
In recent years all sorts of articles have been appearing on all sorts of Romanian blogs and sites, each more convoluted and full of fiction than the last, the subject always being “how to crack a Yahoo password”. Since you find the same nonsense and misinformation everywhere, I decided to develop the idea a bit and explain what is reality [...]
- Gmail uber hacking
From the “good thing others are stupid” series, I present yet another uber hacking method that has nothing to do with hacking. Let's say we need some ready-made Gmail accounts. Does the reason matter? I don't think so. Perhaps avoiding SMS confirmation is a very good reason. How can you get hold of [...]
- Quality phishing with news.vodafone.ro
Want to fool people into clicking your link? Need a credible domain to make people swallow your tall tales? Don't know how to spread your trojans? Use news.vodafone.ro and you will have guaranteed satisfaction. Today I received a message on my messenger ID. An individual I don't know, but in [...]
- Andreea Balan's forum hacked
Credits and source: cronix. I don't think many comments are needed:
- Before I forget
http://muvix.ro – the first legal Romanian site that lets you rent and watch films (only) online. More information at Orlando. I will come back with an article about this idea as soon as I find a bit of time to write something longer. The subject will of course be related to possible methods that can be [...]
- Administer, please
Seaquaterra.ro is a rare kind of site. It is based on the principle “there are no bad people in this world”, and probably for that very reason its menu has a link to the administration page. Password… none. For those who want to play, press the “acasa” (home) button in the site's menu and you will find the administration page. Tip: if you go in [...]
- Price.ro owned
The author is not yet known, but I will come back with details once I find out more. The affected part is the rating & comments section of any product. http://price.ro/review_iris_the_best_of_160258.htm Source: http://rstcenter.com/forum/18746-funny-ownage.rst
- When will they learn?
http://unu123456.baywords.com/2009/12/18/emea-symantec-hacked-again/
- Fun with NemoExpres.ro
Go to www.nemoexpres.ro, click the “Urmarire” (tracking) button, click “Cautare avansata” (advanced search), then enter ’ or 1=1– in the login field. Old school shit. Bonus: http://www.drojdie.info/2009/07/25/nemo-expres-sau-cum-sa-iti-bati-joc-de-clienti/
- A question about okidoki.ro
I don't understand why okidoki.ro de-indexed HackersBlog. I know it had been indexed ever since that search engine appeared. It is not a big problem, since the traffic coming from okidoki was zero when we were indexed, but I am curious what the reason is for a search engine that is just starting out to remove sites from [...]
Trend Micro - Newest Malware Advisories
Latest malware advisory from Trend Micro
- JS_SHELLCODE.CD
- BKDR_ARUGIZER.A
- TROJ_FAKEAV.STL
- TROJ_FAKEAV.JSA
- TROJ_PIDIEF.SML
- WORM_IRCBOT.ABJ
- WORM_KOOBFACE.IT
- TROJ_FAKEXPA.CE
- TROJ_FAKEVIME.AB
- TROJ_FAKEAV.EAQ
BitDefender - Real-time Virus Reporting
- Win32.Brontok.MO
- Worm.Generic.77995
- Trojan.Autorun.AKY
- Win32.Generic.5643
- Gen:Trojan.Heur.cm0@sXMe7ogib
- Trojan.AutorunINF.Gen
- Trojan.Autorun.ND
- Trojan.Script.233182
- Win32.Generic.496453
- Win32.Worm.DownadupJob.A
FrSIRT Security Advisories
FrSIRT - Vulnerabilities and Security Advisories 24/7
- FrSIRT - ClamAV "cli_check_jpeg_exploit()" Denial of Service Vulnerability
A vulnerability has been identified in ClamAV (Clam AntiVirus), which could be exploited by attackers or malware to cause a denial of service...
- FrSIRT - PHP TV Portal "mid" Parameter Remote SQL Injection Vulnerability
A vulnerability has been identified in PHP TV Portal, which could be exploited by attackers to manipulate and inject SQL queries...
- FrSIRT - CMS Made Simple "cms_language" Local File Inclusion Vulnerability
A vulnerability has been identified in CMS Made Simple, which could be exploited by attackers to gain knowledge of sensitive information...
- FrSIRT - Oramon "oramon.ini" Remote Information Disclosure Vulnerability
A vulnerability has been identified in Oramon, which could be exploited by remote attackers to gain knowledge of sensitive information...
- FrSIRT - ActiveVotes "AccountID" Parameter Remote SQL Injection Vulnerability
A vulnerability has been identified in ActiveVotes, which could be exploited by attackers to manipulate and inject SQL queries...
- FrSIRT - Active Web Mail "TabOpenQuickTab1" SQL Injection Vulnerability
A vulnerability has been identified in Active Web Mail, which could be exploited by attackers to manipulate and inject SQL queries...
- FrSIRT - Active Bids "ItemID" Parameter Remote SQL Injection Vulnerability
A vulnerability has been identified in Active Bids, which could be exploited by attackers to manipulate and inject SQL queries...
- FrSIRT - ASPThai.Net Forum Remote Database Disclosure Vulnerability
A vulnerability has been identified in ASPThai...
- FrSIRT - Lito Lite CMS "cid" Parameter Remote SQL Injection Vulnerability
A vulnerability has been identified in Lito Lite CMS, which could be exploited by attackers to manipulate and inject SQL queries...
- FrSIRT - Active Test "QuizID" Parameter Remote SQL Injection Vulnerabilities
Multiple vulnerabilities have been identified in Active Test, which could be exploited by remote attackers to inject arbitrary SQL queries...
LinuxSecurity.com - Security Advisories
The central voice for Linux and Open Source security news.
- Slackware: 2010-069-01: pidgin: Security Update
LinuxSecurity.com: New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [More Info...]
- Mandriva: 2010:060: squid
LinuxSecurity.com: A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers [More...]
- Debian: 2011-1: dpkg: path traversal
LinuxSecurity.com: William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification [More...]
- Mandriva: 2010:059: virtualbox
LinuxSecurity.com: A vulnerability has been found and corrected in virtualbox: Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial [More...]
- Debian: : kvm: privilege escalation/denial
LinuxSecurity.com: Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
Packet Storm Security Advisories
Packet Storm Last 10 Advisories
- USN-909-1.txt
Ubuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
- dsa-2011-1.txt
Debian Linux Security Advisory 2011-1 - William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
- MDVSA-2010-060.txt
Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
- USN-908-1.txt
Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.
- MDVSA-2010-059.txt
Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.




